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Applicant herewith submits to the United States Designated/Elected Office (DO/EO/US) the following items under 35 USC 371: 



1 . a This is a FIRST submission of items concerning a filing under 35 USC 371 . 

2. □ This is a SECOND or SUBSEQUENT submission of items concerning a filing under 35 USC 371. 

3 . s This express request to begin national examination procedures (35 USC 371 (f)) at any time rather than delay examination 

until the expiration of the applicable time limit set in 35 USC 371(b) and PCT Articles 22 and 39(1). 

A. m A proper Demand for International Preliminary Examination was made by the 19th month from the earliest claimed 
priority date. 

- 5 a A copy of the International Application as filed 35 USC 371(c)(2). 

a. □ is transmitted herewith (required only if not transmitted by the International Bureau). 
t IV b. 0 has been transmitted by the International Bureau. 

c. □ is not required, as the application was filed in the United States Receiving Office (RO/US). 

~- 6. s A translation of the International Application into English (35 USC 371(c)(2)). 

w i l. E3 Amendments to the claims of the International Application under PCT Article 19 (35 USC 371(c)(3)) 
J\ a. □ are transmitted herewith (required only if not transmitted by the International Bureau). 

b. □ have been transmitted by the International Bureau. 

Il; c. □ have not been made; however, the time limit for making such amendments has NOT expired. 
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□ 8. □ A translation of the amendments to the claims under PCT Article 19 (35 USC 371(c)(3)). 
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10. OA translation of the annexes to the International Preliminary Examination Report under PCT Article 36 
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13. si A FIRST preliminary amendment. 
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Reduction by V2 for filing by small entity, if applicable. Small Entity Status is 
afscrted pursuant to 37 CFR 1 .27 for this application. 



Processing fee of $130.00 for furnishing the English translation later than □ 20 □ 30 
months from the earliest claimed priority date (37 CFR 1.492(f)). 



TOTAL NATIONAL FEE 



Fee for recording the enclosed assignment (37 CFR 1.21(h)). The 1 
accompanied by an appropriate cover sheet (37 CFR 3.28, 3.31). 
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$40.00 per property 
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a A check in the amount of $890.00 to cover the fees is enclosed. 
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to cover the above fees. 
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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



International Patent Application 
No. PCT/EP00/03530 

PCT/DO/EO/US 

International Filing Date: 19 April 2000 

Attorney Docket: BALD3003/JEK 

Applicant: Michael BALDISCHWEILER 



For: PROTECTION OF THE CORE PART OF A COMPUTER AGAINST EXTERNAL 
MANIPULATION 



PRELIMINARY AMENDMENT 



Commissioner for Patents 
Washington, D.C. 20231 



Sir: 

This Preliminary Amendment accompanies documents to establish the U.S. 
national stage processing of the above-identified international patent application. 
Before calculation of the filing fee and before examination, kindly amend the application 
as follows. 

AMENDMENT 



IN THE CLAIMS : 

Please amend claims 1 - 1 4 as shown on the appended APPENDIX OF CLAIMS. 
Also appended hereto is an APPENDIX OF MARKED UP CLAIMS showing all of the 
revisions to the claims made by the present amendment. 



International Application No. PCT/EPOO/03530 
Attorney Docket: BALD3003/JEK 



REMARKS 

Examination of the application as amended is respectfully requested. 

Respectfully submitted, 




Customer 23364 625 Slaters Lane - 4 th Floor 



Alexandria, VA 22314-1176 
Telephone: (703) 683-0500 
Facsimile: (703) 683-1080 

Date: October 23, 2001 
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PATENT TRADEMARK OFFICE 



APPENDIX OF CLAIMS 



1 (Amended). A method for protecting a computer with a central processing unit 
(CPU) from external manipulation, comprising: forming a final check sum by 
mathematical combination with reference to register contents of the CPU arising at the 
end of processing of an instruction by the CPU, and stored, and forming an initial check 
sum with reference to the register contents arising before the onset of processing of the 
next instruction by the CPU, and creating an error message if the initial check sum does 
not match the final check sum. 

2(Amended). The method according to claim 1, wherein upon loading of the 
instruction a counter is started for counting the clock cycles necessary for executing the 
instruction and outputting an error signal when the predetermined clock cycles are 
overshot or undershot. 

3(Amended). The method according to claim 2, wherein the error signal triggers 
an interrupt or leads to discontinuance of the clock signal supply. 

4(Amended). The method according to claim 1, wherein the number of clock 
cycles necessary for executing an instruction is obtained by a logic circuit from the 
opcode of the instruction. 

5(Amended). The method according to claim 1, wherein the mathematical 
combination takes place by means of exclusive-OR combination of the register 
contents. 

6(Amended). The method according to claim 1, wherein the initiation of the 
method is triggered by random or defined events. 
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7(Amended). The method according to claim 6, wherein the method is triggered 
in time-dependent fashion. 

8(Amended). The method according to claim 6, wherein the method is triggered 
when the content of one or more registers of the CPU corresponds to a predetermined 
pattern. 

9(Amended). The method according to claim 6, wherein the method is triggered 
after processing of a predetermined number of instructions in each case. 

1 0(Amended). A central processing unit (CPU) for a computer for carrying out 
the method according to claim 1, comprising 

- a combination of several registers of the CPU by logic elements to form 

a check sum, 

- a check sum memory for storing a first check sum formed by the logic 

elements, 

- a comparer for comparing a second check sum formed by the logic 
elements with the first check sum stored in the memory, and 

- a control device for controlling the storage of the first check sum in the 
check sum memory and for controlling the comparer. 

11 (Amended). The central processing unit according to claim 10, including a 
counter for counting the clock cycles required for an instruction execution. 

12(Amended). The central processing unit according to claim 10, including a 
logic circuit arranged to determine from the opcode of the instruction the clock cycles 
necessary for executing an instruction. 
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1 3(Amended). A computer comprising a central processing unit made according 
to claim 10. 

14(Amended). A smart card comprising a central processing unit made 
according to claim 10. 
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APPENDIX OF MARKED UP VERSION OF CLAIMS 

1 (Amended). A method for protecting a computer with a central processing unit 
(CPU) from external manipulation, [characterized in that] comprising: forming a final 
check sum [is formed] by mathematical combination with reference to register contents 
of the CPU arising at the end of processing of an instruction by the CPU, and stored, 
and forming an initial check sum [is formed] with reference to the register contents 
arising before the onset of processing of the next instruction by the CPU, and creating 
an error message [being effected] if the initial check sum does not match the final check 
sum. 

2(Amended). [A] The method according to claim 1, [characterized in that] 
wherein upon loading of the instruction a counter is started for counting the clock cycles 
necessary for executing the instruction and outputting an error signal when the 
predetermined clock cycles are overshot or undershot. 

3(Amended). [A] The method according to claim 2, [characterized in that] 
wherein the error signal triggers an interrupt or leads to discontinuance of the clock 
signal supply. 

4(Amended). [A] The method according to [any of claims 1 to 3, characterized 
in that] claim 1. wherein the number of clock cycles necessary for executing an 
instruction is obtained by a logic circuit from the opcode of the instruction. 

5(Amended). [A] The method according to [any of claims 1 to 4, characterized 
in that] claim 1. wherein the mathematical combination takes place by means of 
exclusive-OR combination of the register contents. 
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6(Amended). [A] Ihe method according to [any of claims 1 to 5, characterized 
in that] claim 1 . wherein the initiation of the method is triggered by random or defined 
events. 

7(Amended). [A] The method according to claim 6, [characterized in that] 
wherein the method is triggered in time-dependent fashion. 

8(Amended). [A] Ihe method according to claim 6, [characterized in that] 
wherein the method is triggered when the content of one or more registers of the CPU 
corresponds to a predetermined pattern. 

9(Amended). [A] The method according to claim 6, [characterized in that] 
wherein the method is triggered after processing of a predetermined number of 
instructions in each case. 

10(Amended). A central processing unit (CPU) for a computer for carrying out 
the method according to [any of claims 1 to 6] claim 1 . comprising 

- a combination of several registers of the CPU by logic elements to form 

a check sum, 

- a check sum memory for storing a first check sum formed by the logic 

elements, 

- a comparer for comparing a second check sum formed by the logic 
elements with the first check sum stored in the memory, and 

- a control device for controlling the storage of the first check sum in the 
check sum memory and for controlling the comparer. 

11 (Amended). [A] Ihe central processing unit according to claim 10, 
[characterized by] including a counter for counting the clock cycles required for an 
instruction execution. 
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12(Amended). [A] The central processing unit according to claim 10 [or 11], 
[characterized by] including a logic circuit [for determining] arranged to determine from 
the opcode of the instruction the clock cycles necessary for executing an instruction. 

1 3(Amended). A computer comprising a central processing unit made according 
to [any of claims 1 0 to 1 2] claim 10 . 

14(Amended). A smart card comprising a central processing unit made 
according to [any of claims 10 to 12] claim 10 . 
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Protection of a computer core from external manipulation 

The present invention relates to the protection of a computer from external ma- 
nipulation, in particular protection of the data present in the computer core or central 
processing unit (CPU). This invention is to be applied in particular for smart cards 
since they must be especially protected from manipulation from outside. 

It is known to protect memory areas of a computer from manipulation for ex- 
ample by bus encryption, memory encryption and the like. DE 37 09 524 C2 dis- 
closes for example a test routine for checking the storage cell contents of a program 
memory. By forming a check sum over the storage cell contents at the onset of or 
during a program run and comparing it with a check sum previously stored in the 
program memory one can detect a change in the original storage cell contents as 
well as a change occurring only during operation, which leads to an error message. 

The problem of the present invention is to propose a way of better protecting 
the computer from external manipulation. 

This problem is solved according to the invention by a method, a central proc- 
essing unit for carrying out said method, and a computer and smart card with such a 
central processing unit according to the features of the independent claims. Advan- 
tageous embodiments of the invention are stated in the subclaims. 

The invention starts out from the idea of increasing the security of the com- 
puter by protecting the data present in the computer core, that is, in the central proc- 
essing unit (CPU) of the computer, from external manipulation since the data are 
present in the computer core in unencrypted form and therefore easily manipulable. 

In order to recognize such manipulation one determines a check sum from sev- 
eral register contents of the CPU by mathematical combination, for example by an 
exclusive-OR operation (XOR operation), after an instruction has been processed by 
the CPU and stores it in a memory as a final check sum. Before the next instruction 
is processed by the CPU a check sum is formed again, that is, the initial check sum. 
By comparing the initial check sum with the final check sum, which must match, 
one can ascertain whether register contents of the CPU were manipulated after the 
last instruction processing. As register contents one might use the contents of those 




areas of the CPU which can assume a nonzero state, such as in the 8051 type proces- 
sor the accu, B-accu, data pointer (DPTR, DPL, DPH), registers (R0 to R7) of the 
register banks, program status word (PSW), stack pointer (SP), special function reg- 
ister (SPR) and the like. 

To further increase security one can additionally, when loading an instruction, 
start a counter for counting the clock cycles necessary for executing the instruction. 
The counter is preferably constructed in terms of hardware. A logic derives from the 
instruction opcode the number of clock cycles necessary for execution and converts 
it into a counter value. The counter then runs parallel to the executed instruction. It 
is checked whether the instruction to be executed is executed within the stated clock 
cycles. In case the instruction was not executed within the predetermined time pe- 
riod, the clock supply is discontinued, for example, so that no further execution of 
instructions is possible. Alternatively a reset can be triggered and the central proc- 
essing unit thus reset. The same steps can be taken if the instruction was executed 
prematurely, i.e. the limiting value of the instruction counter was not yet reached 
and a new operation code was already recognized. 

The logical combination of the security-relevant registers can be realized by 
hardware or software. Check sum formation between two consecutive instructions 
can be effected for example on the basis of random or defined events or constantly. 

The invention will be explained in more detail in the following with reference 
to the drawings, in which: 

Fig. 1 shows the structure of a microcontroller by the example of an 8051 proc- 
essor, and 

Fig. 2 shows a logic for combining several areas of the central processing unit. 

Fig. 1 shows the structure of an 805 1 processor, that is, an 8-bit processor. 
While data are protected from manipulation by bus or memory encryption in known 
encryption methods, data are present in unencrypted form in the core of the com- 
puter, i.e. the central processing unit or CPU. The inventive method now determines 
whether one or more registers of the CPU have been manipulated. 

Fig. 2 shows by way of example such security-relevant areas of the CPU that 
could be manipulated, namely stack pointer SP, accu AC, B-accu BAC, registers R0 
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to R7, data pointer DPL and DPH for the lower and upper areas of the internal 
RAM. Said registers are combined logically to form a check sum. In Fig. 2 two 8-bit 
registers are combined in each case by an exclusive-OR gate (XOR). Thus, XORing 
of registers RO and R2 yields a new 8-bit pattern that is again XORed with the 8 -bit 
pattern resulting from XORing of registers Rl and R7. Further XORing of the re- 
sulting 8-bit patterns finally yields an 8-bit pattern that serves as a check sum and is 
designated "initial check sum" in Fig. 2. Instead of XORing, which is advantageous 
in particular with respect to the effort, one can of course also choose other embodi- 
ments for forming the check sum. 

If the combination of the registers is executed in terms of hardware by logic 
elements, the check sum changes immediately when the content of a register 
changes. That is, during execution of an instruction processed in the CPU the check 
sum might change many times. The only check sums crucial for carrying out the 
method, however, are the one after execution of an instruction and the one before 
execution of the next instruction since these two check sums (final check sum of one 
instruction and initial check sum of the next instruction) are compared in a com- 
parer. 

Comparison is performed as follows. The check sum arising at the end of exe- 
cution of a first instruction is stored as the final check sum in a memory on the CPU. 
In order to ascertain whether manipulation of the CPU has taken place after execu- 
tion of said first instruction and before loading of the next, second instruction into 
the CPU, the initial check sum is formed as described above parallel to the loading 
of said second instruction. In first step a) the initial check sum is compared by a 
comparer with the final check sum stored in the memory from the previously exe- 
cuted first instruction. In case no manipulation was performed on the CPU, the ini- 
tial and final check sums match and the value of the result of comparison is zero. 
The comparer outputs a signal on the basis of which the currently available check 
sum is stored in the memory as the new final check sum in second step b) after exe- 
cution of the second instruction. That is, the execution of the second instruction is 
not interrupted in this case. However, if comparison of the initial check sum and fi- 
nal check sum yields a nonzero value, manipulation of the CPU must be inferred. 
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The output signal of the comparer then leads not to second step b) but to error mes- 
sage c) which causes abortion of instruction processing in the case shown in Fig. 2. 
For example, the processor can be stopped, a security sensor activated or, in the case 
of a smart card, the smart card withheld by the terminal. 

The above-described security mechanism can also be realized strictly in terms 
of software by the check sums being determined at the end of an instruction execu- 
tion, on the one hand, and at the onset of the next instruction execution, on the other 
hand, and compared. The corresponding program can be stored for example in the 
ROM or EPROM of the processor and the final check sum stored in the bit- 
addressable RAM of the processor. 

The described method need not be performed before each instruction to be 
executed. One embodiment of the invention provides for the carrying out of the 
method to depend on a random or defined event According to a first embodiment, 
the method can be triggered in time-dependent fashion. 

According to another embodiment, the method can be triggered by the content 
of one or more registers of the CPU corresponding to a predetermined pattern. 

Yet another embodiment of the invention provides for the method to be trig- 
gered after processing of a predetermined number of instructions in each case. 

A preferred embodiment is one by which the method is only triggered if there 
is a relatively long, defined time period between the instruction after whose execu- 
tion the check sum was stored as the final check sum in the memory and the initial 
check sum at the onset of execution of the next instruction. This saves valuable 
computer capacity in execution of a program with many instructions. Assuming that 
manipulation of the CPU, in particular with smart cards, does not take place during 
the program run but when the smart card is removed from the smart card terminal, 
manipulation of the CPU is nevertheless reliably detectable by means of this latter 
described embodiment. 
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Patent claims 

1. A method for protecting a computer with a central processing unit (CPU) from 
external manipulation, characterized in that a final check sum is formed by 
mathematical combination with reference to register contents of the CPU aris- 
ing at the end of processing of an instruction by the CPU, and stored, and an 
initial check sum is formed with reference to the register contents arising be- 
fore the onset of processing of the next instruction by the CPU, an error mes- 
sage being effected if the initial check sum does not match the final check sum. 

2. A method according to claim 1, characterized in that upon loading of the in- 
struction a counter is started for counting the clock cycles necessary for execut- 
ing the instruction and outputting an error signal when the predetermined clock 
cycles are overshot or undershot. 

3 . A method according to claim 2, characterized in that the error signal triggers an 
interrupt or leads to discontinuance of the clock signal supply. 

4. A method according to any of claims 1 to 3, characterized in that the number of 
clock cycles necessary for executing an instruction is obtained by a logic cir- 
cuit from the opcode of the instruction. 

5. A method according to any of claims 1 to 4, characterized in that the 
mathematical combination takes place by means of exclusive-OR combination 
of the register contents. 

6. A method according to any of claims 1 to 5, characterized in that the initiation 
of the method is triggered by random or defined events. 

7. A method according to claim 6, characterized in that the method is triggered in 
time-dependent fashion. 

8. A method according to claim 6, characterized in that the method is triggered 
when the content of one or more registers of the CPU corresponds to a prede- 
termined pattern. 

9. A method according to claim 6, characterized in that the method is triggered 
after processing of a predetennined number of instructions in each case. 



-6- 

10. A central processing unit (CPU) for a computer for carrying out the method 
according to any of claims 1 to 6, comprising 

a combination of several registers of the CPU by logic elements to form a 
check sum, 

a check sum memory for storing a first check sum formed by the logic 
elements, 

a comparer for comparing a second check sum formed by the logic ele- 
ments with the first check sum stored in the memory, and 
a control device for controlling the storage of the first check sum in the 
check sum memory and for controlling the comparer. 

11. A central processing unit according to claim 10, characterized by a counter for 
counting the clock cycles required for an instruction execution. 

12. A central processing unit according to claim 10 or 1 1, characterized by a logic 
circuit for determining from the opcode of the instruction the clock cycles nec- 
essary for executing an instruction. 

13. A computer comprising a central processing unit according to any of claims 10 
to 12. 

14. A smart card comprising a central processing unit according to any of claims 
10 to 12. 
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"ATexandrialvA^^ 



Telephone Calls to: J. Ernest Kenney 
f703 J 683-0500 . " 



Full Name of First or Sole Inventor 
Q Michael BALDISCHWEJJLER-. 



62 



Citizenship 

Germany/- 



Residence Address 
Friedrich-Eckardstr. 60, D-81929 MunciierjuGermany 



Post Office Address is the same as Residence Address unless 
otherwise shown below 



Signature 

X /U 



S:\PrODUCER\jek\BALDISCHWEILER- 



O See following page(s) for additional joint 



